winnielinnie
MVP
- Joined
- Oct 22, 2019
- Messages
- 3,641
Replication tasks can be set to "Include dataset properties" or "Full Filesystem Replication", both of which should result in a native ZFS encrypted dataset replicating to a destination and retaining its encryption.
The issue you likely face, is that a GELI pool is treated as an unencrypted data set, so neither of those options will result in encryption at the destination.
I haven't found a way to make the replication task inherit encryption on the remote side, the way you can with the command line.
Looks like the GUI wasn't designed for this in mind, after all. Going from a non-encrypted source to a destination you wish to "encrypt and inherit all in one go" is either not possible via the GUI, or hidden behind some counter-intuitive combination of settings.
I got some pretty whacky results testing this with the GUI, and so I have to fallback to "it works via the command-line", just as @gary_1 explained above.
Even with the "Recursive" option, and choosing the source dataset (and its children) with "Encryption" checked for the destination option, only seems to encrypt the parent dataset, while leaving the children unencrypted on the destination. It's also not clear how selecting certain options and specific datasets translates into the command line (behind the scenes.) I cannot figure out which option (if any!) does the equivalent of "-x encryption". But then again, maybe it's not a priority from the design standpoint, since it might only be used for a "one-time migration to the new native ZFS encryption".
For example, when selecting a single dataset from the source, and selecting only the poolname for the destination, it complains about "cannot overwrite an encryption root". But then I tried it again by selecting multiple children nested under a parent on the source side, and it dumps them one level below the selected destination when the task completes. So choosing multiple source datasets implies "nest these underneath the selected destination", yet choosing a single source dataset implies "try to overwrite the destination!"
I never found the Replication Tasks GUI to be clear, let alone intuitive nor self-explanatory. It's a shame, because I believe it's ideal to avoid using the command-line as much as possible on a graphical appliance.
Last edited: